A Blog from QualiTest

September 25, 2014

When Facebook went down for 2.5 hours in June 2014, many instances were recorded where users immediately rushed over to Twitter. Chris Brogan, a social...

When Facebook went down for 2.5 hours in June 2014, many instances were recorded where users immediately rushed over to Twitter. Chris Brogan, a social media marketing expert and New York Times bestselling author, left LinkedIn because of its issues and stated that he would be solely focusing his social media efforts on Google+. There are a multitude of horror stories about the bugs that reside in social media, making one wonder about the software testing that is invested in the platforms.

Twitter

In January 2014, Karnesh Mehrah discovered that you can look like a “Twitter Celebrity” by having as many followers as you want. This bug was exploited by logging into a second Twitter account, accessing the link twitter.com/[targethandle] (where targethandle represents your main twitter account) and then pound on the follow button until your finger gets tired. Voila, you can have more followers than the founders of Twitter themselves.

Many Twitter users of 2012 experienced hurt feelings when supposed Twitter friends stopped following them. However, it only turned out to be a bug, where Twitter was inexplicably “unfollowing” random people. In a society where companies use Twitter to perform business through tweets and direct messaging, it is more than likely that greater catastrophes than just hurt feelings occurred because of this bug.

In 2010, a Turkish citizen discovered that you can force anyone to follow you on twitter. By tweeting “accept username”, like “accept QualiTest”, QualiTest would automatically follow you. It was never explained by Twitter why this bug existed. Twitter contains many documented text commands, such as typing “STATS” to view your Twitter activity, and “FOLLOW USERNAME” to follow another person; however, these commands are benign and contained to your own account, while the “ACCEPT” command allows you to influence other’s.

Facebook

In September of 2013, an Indian engineer received $12,500 for reporting a bug that allowed a user to delete any image on Facebook that was posted by anyone, without the original poster’s knowledge and approval. When using the mobile version of Facebook’s Support Dashboard, which allows users to flag and report a picture for removal, a user could manually modify the Photo_id and the photo owner’s Profile_id parameters, changing the photo removal link can be sent to one’s own Facebook ID and deleting the photo without the original uploader’s knowledge.

Mark Zuckerberg received a rude awakening received a rude awakening in 2013 when a user discovered a bug where website URLs could be hacked to grab anyone’s Facebook ID and posting on a non-friend’s Facebook Timeline. Palestinian security researcher and hacker Khalil Shreateh wrote on Zuckerberg’s Timeline, “First sorry for breaking your privacy and post to your wall. I has no other choice to make after all the reports I sent to Facebook team.” Although Shreateh had reported the error to Facebook previously, the Facebook White Hat security team refused to acknowledge the bug. Well played, Shreateh.

From 2007 to 2012, an ongoing issue was reported from many Facebook users that publicly displayed non-public direct messages on some user’s Timelines. Metro France reported, “”There may be messages from Inbox or chat conversations on internal Facebook. These messages are found mixed with comments from friends on the wall”.

LinkedIn

In June 2014, it was reported by The Register that LinkedIn accounts located outside of the US and Europe could be hijacked. Due to a failure to promptly fix a SSL stripping vulnerability, attackers could jump between the user and the service and replace the secure protocol with HTTP, allowing access to User IDs, passwords and all LinkedIn data. It was only after receiving six separate warnings throughout the course of a year that LinkedIn began to address the issue.

Marketing Land reported a bug in 2013 where not only links that were posted to the company page directed the user to error pages, but also “impressions” of company pages in LinkedIn members’ streams were unexplainably decreasing. While Marketing Land was able to create a workaround by adding the link in the headline, they noted that “It’s discouraging to not have your company profile page work properly.”

Chris Brogan, an extremely successful social media marketing expert, called it quits for his LinkedIn profile in 2012 when he was experiencing issues with successfully adding people who requested a connection, along with a litany of other problems. When a social media guru decides to not use your social media outlet, it may be a sign that much, much more testing needs to be performed before you are releasing updates to your site.

Are these social media outlets not properly testing their software because of the high rate at which updates released, or does the issue reside in the fact that these social media outlets just don’t care, figuring that popularity will retain their user base? In this technology-driven world, the victor in the social media race may not end up as that with the best concepts, but as that with the least bugs and most ease of use.